Lines of code #L31-#L75
Anyone can call the perform function. It can lead to unauthorized changes in the security council.
There is no access control in the perform function and it is marked βexternalβ.
function perform(address _securityCouncil, address[] memory _updatedMembers, uint256 _nonce)
external
returns (bool res)
{
Anyone can call the perform function and update members of the security council.
Manual review
Use an access control contract such as OpenZeppelinβs AccessControl.
Access Control
The text was updated successfully, but these errors were encountered:
All reactions